Overview

overview

10

Static

static

3

6eeedd3877...23.exe

windows7-x64

10

6eeedd3877...23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6eeedd387703a45d7a07c3dbd8494b7ce6ef1f5cd5d85657abbc27f3bf769b23.exe

  • Size

    800KB

  • Sample

    241222-m9me4swjdx

  • MD5

    77b717a33840cf6db1ee89fdfacaf851

  • SHA1

    86785933a8c5910eec3034c535a765e1bdf973c1

  • SHA256

    6eeedd387703a45d7a07c3dbd8494b7ce6ef1f5cd5d85657abbc27f3bf769b23

  • SHA512

    031913f06c4a933e1e50d9464c318aacab2b1e0f2ebdce1b21289d4dfb552b5adcc000415e1686a158de7031e759cf1ce238e94544e6be68a53f7f6eb13c0057

  • SSDEEP

    12288:o9hR2t/+zrWAI5KFum/+zrWAIAqWim/+zrWAI5KFHTP7rXFr/+zrWAI5KFum/+zy:6mm0BmmvFimm0MTP7hm0Bmmv+

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6eeedd387703a45d7a07c3dbd8494b7ce6ef1f5cd5d85657abbc27f3bf769b23.exe

    • Size

      800KB

    • MD5

      77b717a33840cf6db1ee89fdfacaf851

    • SHA1

      86785933a8c5910eec3034c535a765e1bdf973c1

    • SHA256

      6eeedd387703a45d7a07c3dbd8494b7ce6ef1f5cd5d85657abbc27f3bf769b23

    • SHA512

      031913f06c4a933e1e50d9464c318aacab2b1e0f2ebdce1b21289d4dfb552b5adcc000415e1686a158de7031e759cf1ce238e94544e6be68a53f7f6eb13c0057

    • SSDEEP

      12288:o9hR2t/+zrWAI5KFum/+zrWAIAqWim/+zrWAI5KFHTP7rXFr/+zrWAI5KFum/+zy:6mm0BmmvFimm0MTP7hm0Bmmv+

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks